enable tunnel mode and then specify the following settings:
—Choose a tunnel interface for access to this gateway.
—Specify the maximum number
of users that can simultaneously access the gateway for authentication,
HIP updates, and GlobalProtect agent and app updates. If the maximum
number of users is reached, subsequent users are denied access with
a message that indicates the maximum number of users has been reached
(range is 1-1024; by default, there is no limit).
—Select this option to
enable IPSec mode for client traffic, making IPSec the primary method
and SSL-VPN the fallback method. The remaining options are not available until
IPSec is enabled.
GlobalProtect IPSec Crypto
a GlobalProtect IPSec Crypto profile that specifies authentication
and encryption algorithms for the VPN tunnels. The
option to enable Extended Authentication (X-Auth) support in the
GlobalProtect gateway when IPSec is enabled. With X-Auth support,
third party IPSec VPN clients that support X-Auth (such as the IPSec
VPN client on Apple iOS and Android devices and the VPNC client
on Linux) can establish a VPN tunnel with the GlobalProtect gateway.
The X-Auth option provides remote access from the VPN client to
a specific GlobalProtect gateway. Because X-Auth access provides
limited GlobalProtect functionality, consider using the GlobalProtect
App for simplified access to the full security feature set GlobalProtect
provides on iOS and Android devices.
If the group name and
group password are specified, the first authentication phase requires
both parties to use this credential to authenticate. The second
phase requires a valid username and password, which is verified
through the authentication profile configured in the Authentication section.
If no group name and group password are defined, the first authentication
phase is based on a valid certificate presented by the third-party
VPN client. This certificate is then validated through the certificate
profile configured in the authentication section.
By default, the user is not required to re-authenticate when the
key used to establish the IPSec tunnel expires. To require the user
to re-authenticate, clear the